Tuesday, April 08, 2014

The Heartbleed Bug, explained

Ezra Klein's news site Vox launched. The first article I read, "The Heartbleed Bug, explained," was really good and, I thought, really accessible for the non-geek.

"The majority of SSL-encrypted websites are based on an open-source software package called OpenSSL. On Monday, researchers announced a serious bug in this software that exposes users' communications to eavesdropping. OpenSSL has had this flaw for about 2 years."

Update: Given this bug, Mac users should do this: "Mac users listen up! Enable certificate checking." Mine was already set correctly, I think due to some similar circumstances several years ago.

Update: This advice is good for more than just Mac users: "Heartbleed Security Bug: What Apple Users Need to Know."

